Date: Fri, 17 May 2019 18:02:26 +0000 (UTC) From: "Stephen J. Kiernan" <stevek@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r347934 - head/sys/dev/veriexec Message-ID: <201905171802.x4HI2QpV090926@repo.freebsd.org>
Author: stevek Date: Fri May 17 18:02:26 2019 New Revision: 347934 URL: https://svnweb.freebsd.org/changeset/base/347934 Log: Protect commands that are considered dangerous with checks for kmem write priv. This allows for MAC/veriexec to prevent apps that are not "trusted" from using these commands. Obtained from: Juniper Networks, Inc. MFC after: 1 week Modified: head/sys/dev/veriexec/verified_exec.c Modified: head/sys/dev/veriexec/verified_exec.c ============================================================================== --- head/sys/dev/veriexec/verified_exec.c Fri May 17 17:50:01 2019 (r347933) +++ head/sys/dev/veriexec/verified_exec.c Fri May 17 18:02:26 2019 (r347934) @@ -1,7 +1,7 @@ /* * $FreeBSD$ * - * Copyright (c) 2011-2013, 2015, Juniper Networks, Inc. + * Copyright (c) 2011-2013, 2015, 2019 Juniper Networks, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -44,6 +44,7 @@ #include <sys/mount.h> #include <sys/mutex.h> #include <sys/namei.h> +#include <sys/priv.h> #include <sys/proc.h> #include <sys/queue.h> #include <sys/vnode.h> @@ -70,6 +71,37 @@ verifiedexecioctl(struct cdev *dev __unused, u_long cm struct verified_exec_params *params; int error = 0; + /* + * These commands are considered safe requests for anyone who has + * permission to access to device node. + */ + switch (cmd) { + case VERIEXEC_GETSTATE: + { + int *ip = (int *)data; + + if (ip) + *ip = mac_veriexec_get_state(); + else + error = EINVAL; + + return (error); + } + break; + default: + break; + } + + /* + * Anything beyond this point is considered dangerous, so we need to + * only allow processes that have kmem write privs to do them. + * + * MAC/veriexec will grant kmem write privs to "trusted" processes. + */ + error = priv_check(td, PRIV_KMEM_WRITE); + if (error) + return (error); + params = (struct verified_exec_params *)data; switch (cmd) { case VERIEXEC_ACTIVE: 
@@ -105,16 +137,6 @@ verifiedexecioctl(struct cdev *dev __unused, u_long cm else error = EINVAL; mtx_unlock(&ve_mutex); - break; - case VERIEXEC_GETSTATE: - { - int *ip = (int *)data; - - if (ip) - *ip = mac_veriexec_get_state(); - else - error = EINVAL; - } break; case VERIEXEC_LOCK: mtx_lock(&ve_mutex);
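Review bot: In the new early-exit switch at the top of verifiedexecioctl (hunk @@ -70,6 +71,37 @@), the `break;` that follows `return (error);` inside the VERIEXEC_GETSTATE block is unreachable; either drop the `break` or drop the `return` and fall out of the switch to one common return, so the control flow reads the same way as the other cases. In the same hunk the comment "permission to access to device node" should read "permission to access the device node". The substantive point is what the gate actually buys: priv_check(td, PRIV_KMEM_WRITE) makes these ioctls exactly as restricted as writing kernel memory, and for an unjailed root process that check succeeds unless a MAC policy denies it, so the protection added here is only as strong as the MAC/veriexec policy that withholds the privilege from processes it does not consider "trusted" (as the comment "MAC/veriexec will grant kmem write privs to 'trusted' processes" implies). That dependency is worth stating in the commit log or the comment, along with the fact that VERIEXEC_GETSTATE is deliberately left readable by anyone who can open the device node.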
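Review bot: The VERIEXEC_GETSTATE case removed here (hunk @@ -105,16 +137,6 @@) used to `break` out of the switch like the other cases, whereas the replacement block at the top of the function returns directly; the code after the lower switch is not in this diff, so confirm that nothing there (a common cleanup or the final return path) was relied on for GETSTATE, otherwise the moved case now skips it.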